Introduce topology rbac e2e tests

Signed-off-by: Dominika Zemanovicova <[email protected]>

Author: dzemanov

.ibm/pipelines/resources/config_map/app-config-rhdh-rbac.yaml

@@ -129,6 +129,7 @@ permission:
       - catalog
       - permission
       - scaffolder
+      - kubernetes
     admin:
       users:
         - name: user:default/rhdh-qe

.ibm/pipelines/value_files/values_showcase-rbac.yaml

@@ -42,6 +42,8 @@ global:
         disabled: false
       - package: ./dynamic-plugins/dist/backstage-community-plugin-tekton
         disabled: false
+      - package: ./dynamic-plugins/dist/backstage-community-plugin-topology
+        disabled: false
       - package: ./dynamic-plugins/dist/backstage-plugin-kubernetes
         disabled: false
       - package: ./dynamic-plugins/dist/backstage-plugin-kubernetes-backend-dynamic
@@ -70,10 +72,6 @@ global:
               - apiVersion: 'v1'
                 group: 'route.openshift.io'
                 plural: 'routes'
-              # Add to view topology code decorators
-              - group: 'org.eclipse.che'
-                apiVersion: 'v2'
-                plural: 'checlusters'
             serviceLocatorMethod:
               type: multiTenant
       # Enable OCM plugins.

e2e-tests/playwright/e2e/plugins/rbac/rbac.spec.ts

@@ -8,13 +8,13 @@ import {
 } from "../../../support/pageObjects/page-obj";
 import { Common, setupBrowser } from "../../../utils/common";
 import { UIhelper } from "../../../utils/ui-helper";
-import fs from "fs/promises";
 import { RbacPo } from "../../../support/pageObjects/rbac-po";
 import { RhdhAuthApiHack } from "../../../support/api/rhdh-auth-api-hack";
 import RhdhRbacApi from "../../../support/api/rbac-api";
 import { RbacConstants } from "../../../data/rbac-constants";
 import { Policy } from "../../../support/api/rbac-api-structures";
 import { CatalogImport } from "../../../support/pages/catalog-import";
+import { downloadAndReadFile } from "../../../utils/helper";
 
 /*
     Note that:
@@ -226,7 +226,10 @@ test.describe.serial("Test RBAC", () => {
 
     test("Should download the user list", async ({ page }) => {
       await page.locator('a:has-text("Download User List")').click();
-      const fileContent = await downloadAndReadFile(page);
+      const fileContent = await downloadAndReadFile(
+        page,
+        'a:has-text("Download User List")',
+      );
       const lines = fileContent.trim().split("\n");
 
       const header = "userEntityRef,displayName,email,lastAuthTime";
@@ -243,25 +246,6 @@ test.describe.serial("Test RBAC", () => {
       }
     });
 
-    async function downloadAndReadFile(
-      page: Page,
-    ): Promise<string | undefined> {
-      const [download] = await Promise.all([
-        page.waitForEvent("download"),
-        page.locator('a:has-text("Download User List")').click(),
-      ]);
-
-      const filePath = await download.path();
-
-      if (filePath) {
-        const fileContent = await fs.readFile(filePath, "utf-8");
-        return fileContent;
-      } else {
-        console.error("Download failed or path is not available");
-        return undefined;
-      }
-    }
-
     test("View details of a role", async ({ page }) => {
       const uiHelper = new UIhelper(page);
       await uiHelper.clickLink("role:default/rbac_admin");
@@ -293,7 +277,6 @@ test.describe.serial("Test RBAC", () => {
     test("Create and edit a role from the roles list page", async ({
       page,
     }) => {
-      const rolesHelper = new Roles(page);
       const uiHelper = new UIhelper(page);
 
       await uiHelper.clickButton("Create");
@@ -325,11 +308,12 @@ test.describe.serial("Test RBAC", () => {
 
       const rbacPo = new RbacPo(page);
       const testUser = "Jonathon Page";
-      await rbacPo.createRole("test-role", [
-        RbacPo.rbacTestUsers.guest,
-        RbacPo.rbacTestUsers.tara,
-        RbacPo.rbacTestUsers.backstage,
-      ]);
+      await rbacPo.createRole(
+        "test-role",
+        [RbacPo.rbacTestUsers.guest, RbacPo.rbacTestUsers.tara],
+        [RbacPo.rbacTestUsers.backstage],
+        [{ permission: "catalog.entity.delete" }],
+      );
       await page.click(
         ROLES_PAGE_COMPONENTS.editRole("role:default/test-role"),
       );
@@ -361,20 +345,20 @@ test.describe.serial("Test RBAC", () => {
       await usersAndGroupsLocator.waitFor();
       await expect(usersAndGroupsLocator).toBeVisible();
 
-      await rolesHelper.deleteRole("role:default/test-role");
+      await rbacPo.deleteRole("role:default/test-role");
     });
 
     test("Edit users and groups and update policies of a role from the overview page", async ({
       page,
     }) => {
-      const rolesHelper = new Roles(page);
       const uiHelper = new UIhelper(page);
       const rbacPo = new RbacPo(page);
-      await rbacPo.createRole("test-role1", [
-        RbacPo.rbacTestUsers.guest,
-        RbacPo.rbacTestUsers.tara,
-        RbacPo.rbacTestUsers.backstage,
-      ]);
+      await rbacPo.createRole(
+        "test-role1",
+        [RbacPo.rbacTestUsers.guest, RbacPo.rbacTestUsers.tara],
+        [RbacPo.rbacTestUsers.backstage],
+        [{ permission: "catalog.entity.delete" }],
+      );
 
       await uiHelper.searchInputAriaLabel("test-role1");
 
@@ -423,17 +407,18 @@ test.describe.serial("Test RBAC", () => {
       );
       await uiHelper.verifyHeading("Permission Policies (2)");
 
-      await rolesHelper.deleteRole("role:default/test-role1");
+      await rbacPo.deleteRole("role:default/test-role1");
     });
 
     test("Create a role with a permission policy per resource type and verify that the only authorized users can access specific resources.", async ({
       page,
     }) => {
-      const rolesHelper = new Roles(page);
       const uiHelper = new UIhelper(page);
-      await new RbacPo(page).createRole(
+      const rbacPo = new RbacPo(page);
+      await rbacPo.createConditionalRole(
         "test-role1",
-        ["Guest User", "rhdh-qe", "Backstage"],
+        ["Guest User", "rhdh-qe"],
+        ["Backstage"],
         "anyOf",
       );
 
@@ -444,7 +429,7 @@ test.describe.serial("Test RBAC", () => {
         .locator(SEARCH_OBJECTS_COMPONENTS.ariaLabelSearch)
         .fill("test-role1");
       await uiHelper.verifyHeading("All roles (1)");
-      await rolesHelper.deleteRole("role:default/test-role1");
+      await rbacPo.deleteRole("role:default/test-role1");
     });
   });
 

e2e-tests/playwright/e2e/plugins/topology/topology-rbac.spec.ts

@@ -0,0 +1,73 @@
+import { test } from "@playwright/test";
+import { Common } from "../../../utils/common";
+import { UIhelper } from "../../../utils/ui-helper";
+import { Catalog } from "../../../support/pages/catalog";
+import { Topology } from "../../../support/pages/topology";
+
+test.describe("Test Topology Plugin with RBAC", () => {
+  let common: Common;
+  let uiHelper: UIhelper;
+  let catalog: Catalog;
+  let topology: Topology;
+
+  test.beforeEach(async ({ page }, testInfo) => {
+    if (testInfo.retry > 0) {
+      // progressively increase test timeout for retries
+      test.setTimeout(testInfo.timeout + testInfo.timeout * 0.25);
+    }
+    common = new Common(page);
+    uiHelper = new UIhelper(page);
+    catalog = new Catalog(page);
+    topology = new Topology(page);
+  });
+
+  test.describe("Verify a user without permissions is not able to access parts of the Topology plugin", () => {
+    // User is able to read from the catalog
+    // User is missing 'kubernetes.clusters.read', 'kubernetes.resources.read', 'kubernetes.proxy' permissions
+    test("Verify pods are not visible in the Topology tab", async () => {
+      await common.loginAsKeycloakUser(
+        process.env.QE_USER6_ID,
+        process.env.QE_USER6_PASS,
+      );
+
+      await catalog.goToBackstageJanusProject();
+      await uiHelper.clickTab("Topology");
+      await topology.verifyMissingTopologyPermission();
+    });
+
+    // User is able to read from the catalog
+    // User has 'kubernetes.clusters.read' and 'kubernetes.resources.read' permissions
+    // User is missing 'kubernetes.proxy' permission (needed for pod logs)
+    test("Verify pod logs are not visible in the Topology tab", async () => {
+      await common.loginAsKeycloakUser(
+        process.env.QE_USER5_ID,
+        process.env.QE_USER5_PASS,
+      );
+      await catalog.goToBackstageJanusProject();
+      await uiHelper.clickTab("Topology");
+
+      await topology.verifyDeployment("topology-test");
+      await topology.verifyPodLogs(false);
+    });
+  });
+
+  // User is able to read from the catalog
+  // User has 'kubernetes.clusters.read', 'kubernetes.resources.read', 'kubernetes.proxy' permissions
+  test.describe("Verify a user with permissions is able to access the Topology plugin", () => {
+    test.beforeEach(async () => {
+      await common.loginAsKeycloakUser();
+
+      await catalog.goToBackstageJanusProject();
+      await uiHelper.clickTab("Topology");
+    });
+
+    test("Verify pods visibility in the Topology tab", async () => {
+      await topology.verifyDeployment("topology-test");
+    });
+
+    test("Verify pod logs visibility in the Topology tab", async () => {
+      await topology.verifyDeployment("topology-test");
+      await topology.verifyPodLogs(true);
+    });
+  });
+});

e2e-tests/playwright/e2e/plugins/topology/topology.spec.ts

@@ -2,20 +2,20 @@ import { test, expect } from "@playwright/test";
 import { Common } from "../../../utils/common";
 import { UIhelper } from "../../../utils/ui-helper";
 import { Catalog } from "../../../support/pages/catalog";
-// import { Topology } from "../../../support/pages/topology";
+import { Topology } from "../../../support/pages/topology";
 
 test.describe("Test Topology Plugin", () => {
   test.skip(() => process.env.JOB_NAME.includes("operator"));
   let common: Common;
   let uiHelper: UIhelper;
   let catalog: Catalog;
-  // let topology: Topology;
+  let topology: Topology;
 
   test.beforeEach(async ({ page }) => {
     common = new Common(page);
     uiHelper = new UIhelper(page);
     catalog = new Catalog(page);
-    // topology = new Topology(page);
+    topology = new Topology(page);
     await common.loginAsGuest();
   });
 
@@ -28,13 +28,10 @@ test.describe("Test Topology Plugin", () => {
     await uiHelper.clickTab("Topology");
     await uiHelper.verifyText("backstage-janus");
     await page.getByRole("button", { name: "Fit to Screen" }).click();
-    await uiHelper.verifyText("topology-test");
+    await topology.verifyDeployment("topology-test");
     await uiHelper.verifyButtonURL("Open URL", "topology-test-route", {
       locator: `[data-test-id="topology-test"]`,
     });
-    await page.locator("[data-test-id=topology-test] image").first().click();
-    await page.getByLabel("Pod").click();
-    await page.getByLabel("Pod").getByText("1", { exact: true }).click();
     await uiHelper.clickTab("Details");
     await uiHelper.verifyText("Status");
     await uiHelper.verifyText("Active");